deploying a fully routed enterprise campus network€¦ · • eigrp/ospf routing preference over...
TRANSCRIPT
-
1© 2005 Cisco Systems, Inc. All rights reserved.RST-203111207_05_2005_c2
DEPLOYING A FULLY ROUTED ENTERPRISE CAMPUS NETWORKSESSION RST-2031
-
222© 2005 Cisco Systems, Inc. All rights reserved.RST-203111207_05_2005_c2
Agenda
• Campus Network Designs
• Routed Access Design
• EIGRP Design Details
• OSPF Design Details
• PIM Design Details
• Summary
-
333© 2005 Cisco Systems, Inc. All rights reserved.RST-203111207_05_2005_c2
Hierarchical Campus DesignBuilding Blocks
Data CenterWAN Internet
SiSi SiSi SiSi SiSi SiSi SiSi
SiSi SiSi
SiSi SiSiSiSi SiSi
SiSi SiSi
Access
Distribution
Core
Distribution
Access • Offers hierarchy—each layer hasspecific role
• Modular topology—building blocks• Easy to grow, understand, and
troubleshoot• Creates small fault domains—clear
demarcations and isolation• Promotes load balancing and
redundancy• Promotes deterministic traffic patterns• Incorporates balance of both Layer 2 and
Layer 3 technology, leveraging the strength of both
• Can be applied to all campus designs; multilayer L2/L3 and routed access designs
-
444© 2005 Cisco Systems, Inc. All rights reserved.RST-203111207_05_2005_c2
Tried and True: Reference DesignMultilayer L2/L3 Design
• Consider fully utilizing uplinks via GLBP• Distribution-to-distribution link required for route summarization• No STP convergence required for uplink failure/recovery• Map L2 VLAN number to L3 subnet for ease of use/management• Can easily extend VLANs across access layer switches if required
10.1.20.010.1.120.0
VLAN 20 DataVLAN 120 Voice
VLAN 40 DataVLAN 140 Voice
10.1.40.010.1.140.0
HSRP or GLBPVLANs 20,120,40,140
HSRP or GLBPVLANs 20,120,40,140
ReferenceModel
Layer 3SiSiSiSi
Layer 2
Access
Distribution
-
555© 2005 Cisco Systems, Inc. All rights reserved.RST-203111207_05_2005_c2
Data Center
SiSi SiSi
SiSi SiSi
SiSi SiSi
Hierarchical Campus DesignMultilayer L2/L3 Building Blocks
• Highly available and fast—always on• Deploy QoS end-to-end: protect the good and
punish the bad • Equal cost core links provide for best
convergence • Optimize CEF for best utilization of redundant
L3 paths
• Aggregation and policy enforcement• Use HSRP or GLBP for default gateway protection• Use Rapid PVST+ if you MUST have L2 loops in
your topology• Keep your redundancy simple; deterministic
behavior = understanding failure scenarios and why each link is needed
• Network trust boundary• Use Rapid PVST+ on L2 ports to prevent loops in
the topology• Use UDLD to protect against 1 way interface UP
connections• Avoid daisy chaining access switches • Avoid asymmetric routing and unicast flooding,
don’t span VLANS across the access layer
Access
Distribution
Core
Distribution
Access
-
666© 2005 Cisco Systems, Inc. All rights reserved.RST-203111207_05_2005_c2
Routing to the Edge Layer 3 Distribution with Layer 3 Access
• Move the Layer 2/3 demarcation to the network edge
• Upstream convergence times triggered by hardware detection of link lost from upstream neighbor
• Beneficial for the right environment
10.1.20.010.1.120.0
VLAN 20 DataVLAN 120 Voice
VLAN 40 DataVLAN 140 Voice
10.1.40.010.1.140.0
EIGRP/OSPF EIGRP/OSPF
GLBP Model
SiSiSiSi
Layer 3
Layer 2
Layer 3
Layer 2EIGRP/OSPF EIGRP/OSPF
-
777© 2005 Cisco Systems, Inc. All rights reserved.RST-203111207_05_2005_c2
Data Center
SiSi SiSi
SiSi SiSi
SiSi SiSi
Hierarchical Campus DesignRouted Access Building Blocks
• Highly available and fast—always on• Deploy QoS end-to-end: protect the good and
punish the bad • Equal cost core links provide for best
convergence
• Access layer aggregation • Route summarization to the core to minimize
routing events• Route filtering from the core to minimize routing
table size in access• OSPF stub area border (ABR)• Keep your redundancy simple; equal cost load
balancing between access and core• Vary CEF algorithm to prevent polarization
• Network trust boundary• VLANs are contained to the access switch • Use EIGRP or OSPF on interfaces to
distribution layer• Use parallel paths for Equal Cost Multi Path
(ECMP) routing • Use EIGRP stub routers or OSPF stub areas to
limit scope of convergence events
Access
Distribution
Core
Distribution
Access
-
888© 2005 Cisco Systems, Inc. All rights reserved.RST-203111207_05_2005_c2
What Is High Availability?
DPM—Defects per Million
Availability Downtime Per Year (24x365)
99.000%
99.500%
99.900%
99.950%
99.990%
99.999%
99.9999%
3 Days
1 Day
53 Minutes
5 Minutes
30 Seconds
15 Hours
19 Hours
8 Hours
4 Hours
36 Minutes
48 Minutes
46 Minutes
23 Minutes
DPM
10000
5000
1000
500
100
10
1
“High Availability”
-
999© 2005 Cisco Systems, Inc. All rights reserved.RST-203111207_05_2005_c2
What If You Could…Reduce Cost Through Diminished Risk of Downtime
• Costs for downtime are highOne day cost of lost productivity = $1,644 per employee
100 person office = $164K per day
• More than just a datanetwork outage
• More than just revenue impacted
Revenue loss
Productivity loss
Impaired financial performance
Damaged reputation
Recovery expenses Source: Meta Group999
$ 205$1,010,536Average
$ 107$ 668,586Transportation
$ 244$1,107,274Retail
$ 370$1,202,444Insurance
$1,079$1,495,134Financial Institution
$ 134$1,610,654Manufacturing
$ 186$2,066,245Telecommunications
$ 569$2,817,846Energy
Revenue/ Employee-
HourRevenue/HourIndustry Sector
-
101010© 2005 Cisco Systems, Inc. All rights reserved.RST-203111207_05_2005_c2
Campus High AvailabilitySub-Second Convergence
Worst Case Convergence for Any Campus Failure Even
Sec
on
ds
00.20.40.60.8
11.21.41.61.8
2
L2 AccessOSPF Core*
L2 AccessEIGRP Core
OSPFAccess*
EIGRPAccess
L2 Access (Rapid PVST+ HSRP)
L3 Access
*OSPF Results Require Sub-Second Timers
-
111111© 2005 Cisco Systems, Inc. All rights reserved.RST-203111207_05_2005_c2
High-Availability Networking in the Campus
Reinforced Network Infrastructure:Infrastructure Security HardeningDevice-Level and Software Resiliency
Real World Network Design:Hierarchical Network Design—Structured Modular Foundation
Network Operations:Best Practices
Real-Time Network Management:Best Practices
Best-in-Class Support:TAC, CA, Etc.
-
121212© 2005 Cisco Systems, Inc. All rights reserved.RST-203111207_05_2005_c2
Routed Access DesignStructured Design Foundation
• EIGRP or OSPF routed links between access and distribution• Routed interfaces, not VLAN trunks, between switches• Equal cost multi path to load balance traffic across network• Route summarization at distribution (like L2/L3)• Single (IGP) control plane to configure/manage (no STP, HSRP,)
10.1.20.010.1.120.0
VLAN 20 DataVLAN 120 Voice
VLAN 40 DataVLAN 140 Voice
10.1.40.010.1.140.0
EIGRP or OSPFEqual Cost Multi Path
Layer 2
Layer 3
SiSiSiSi
SiSiSiSi Access
Distribution
-
131313© 2005 Cisco Systems, Inc. All rights reserved.RST-203111207_05_2005_c2
Agenda
• Campus Network Designs
• Routed Access Design
• EIGRP Design Details
• OSPF Design Details
• PIM Design Details
• Summary
-
141414© 2005 Cisco Systems, Inc. All rights reserved.RST-203111207_05_2005_c2
Why Routed Access Campus Design?
• Most Catalysts® support L3 switching today• EIGRP/OSPF routing preference over spanning tree• Single control plane and well known tool set
Traceroute, show ip route, sho ip eigrp neighbor, etc…
• IGP enhancements; stub router/area, fast reroute, etc..• It is another design option available to you
Layer 2
Layer 3
SiSiSiSi
SiSiSiSi Access
Distribution
-
151515© 2005 Cisco Systems, Inc. All rights reserved.RST-203111207_05_2005_c2
Ease of Implementation
• Less to get right:No STP feature placement coreto distribution
LoopGuardRootGuardSTP Root
No default gateway redundancy setup/tuning
No matching of STP/HSRP/GLBP priority
No L2/L3 multicast topology inconsistencies
-
161616© 2005 Cisco Systems, Inc. All rights reserved.RST-203111207_05_2005_c2
Ease of Troubleshooting
• Routing troubleshooting toolsShow ip route
Traceroute
Ping and extended pings
Extensive protocol debugs
Consistent troubleshooting; access, dist, core
• Bridging troubleshooting toolsShow ARP
Show spanning-tree, standby, etc…
Multiple show CAM dynamic’s to find a host
• Failure differencesRouted topologies fail closed—i.e. neighbor loss
Layer 2 topologies fail open—i.e. broadcast and unknowns flooded
-
171717© 2005 Cisco Systems, Inc. All rights reserved.RST-203111207_05_2005_c2
Routing to the Edge Advantages? Yes, in the Right Environment
• EIGRP and OSPF converge in
-
181818© 2005 Cisco Systems, Inc. All rights reserved.RST-203111207_05_2005_c2
Routed Access Considerations
• Do you have any Layer 2 VLAN adjacencyrequirements between access switches?
• IP addressing—do you have enough addressspace and the allocation plan to support arouted access design?
• Platform requirements;Catalyst 6500 requires an MSFC with hybrid (CatOS and Cisco IOS®) in the access to get all the necessary switchport and routing features
Catalyst 4500 requires a SUP4 or higher for EIGRP or OSPF
Catalyst 3500s and 3700s require an enhanced Cisco IOS image forEIGRP and OSPF
-
191919© 2005 Cisco Systems, Inc. All rights reserved.RST-203111207_05_2005_c2
Interior Gateway Protocol OptionsStatic Routing
• BenefitsPrice; in default Cisco IOS feature set for routers and Layer 3 switches
• ConsiderationsConfiguration intensive and prone to error
Potential routing black holes during some failure conditions
• Design guidanceDefault route from the access to the distribution
Specific route from the distribution to the access
Set next-hop to neighbor’s adjacent IP interface address to minimize black holes during failure conditions
Redistribute static routes from distribution to core—summarize access subnets when possible
-
202020© 2005 Cisco Systems, Inc. All rights reserved.RST-203111207_05_2005_c2
Interior Gateway Protocol OptionsRIP Routing
• BenefitsWidely supported
Price; in default Cisco IOS feature set of Catalyst L3 switches
• ConsiderationsSlow convergence time
Limited network diameter; max hops = 16
Redistributing into an advanced IGP?
• Design guidanceUse RIP version two; VLSM
Tune hellos down to one second
Summarize routes from distribution to core
Use routed interfaces vs. VLAN trunks
-
212121© 2005 Cisco Systems, Inc. All rights reserved.RST-203111207_05_2005_c2
Interior Gateway Protocol OptionsEIGRP Routing
• BenefitsSimple to configure
Extremely fast convergence without tuning
Scales to large topologies
Flexible topology options
• ConsiderationsCisco innovation
Summarization to limit query range
Price; requires enhanced IOS image in some Catalysts
• Design guidanceLater in the presentation
-
222222© 2005 Cisco Systems, Inc. All rights reserved.RST-203111207_05_2005_c2
Interior Gateway Protocol OptionsOSPF Routing
• BenefitsFast convergence with tuning
Widely deployed industry standard
• ConsiderationsDesign and configuration complexity
Price; requires enhanced IOS image in most Catalysts
Topology design restrictions
• Design guidanceLater in the presentation
-
232323© 2005 Cisco Systems, Inc. All rights reserved.RST-203111207_05_2005_c2
EIGRP vs. OSPF as Your Campus IGPDUAL vs. Dijkstra
• Convergence:Within the campus environment, both EIGRP and OSPF provide extremely fast convergence
EIGRP requires summarization
OSPF requires summarization and timer tuning for fast convergence
• Flexibility:EIGRP supports multiple levels of route summarization and route filtering which simplifies migration from the traditional multilayer L2/L3 campus design
OSPF area design restrictions need to be considered
• Scalability:Both protocols can scale to support very large enterprise network topologies
00.20.40.60.8
11.21.41.61.8
2
OSPF OPSF 12.2S EIGRP
UpstreamDownstream
-
242424© 2005 Cisco Systems, Inc. All rights reserved.RST-203111207_05_2005_c2
CEF Load BalancingAvoid Underutilizing Redundant Layer 3 Paths
• The default CEF hash‘input’ is L3
• CEF polarization: In a multi-hop design, CEF could select the same left/left or right/right path
• Imbalance/overload could occur
• Redundant paths are ignored/underutilized
Redundant PathsIgnored
SiSiSiSi
SiSi SiSi
SiSi SiSi
L
L
R
RDistribution
Default L3 Hash
CoreDefault L3 Hash
DistributionDefault L3 Hash
AccessDefault L3 Hash
AccessDefault L3 Hash
-
252525© 2005 Cisco Systems, Inc. All rights reserved.RST-203111207_05_2005_c2
CEF Load BalancingAvoid Underutilizing Redundant Layer 3 Paths
• With defaults, CEF could select the same left/left or right/right paths and ignore some redundant paths
• Alternating L3/L4 hash and default L3 hash will give us the best load balancing results
• The default is L3 hash—no modification required in core or access
• In the distribution switches use:
mls ip cef load-sharing full
to achieve better redundant path utilization
SiSiSiSi
SiSi SiSi
SiSi SiSi
RL
RDistributionL3/L4 Hash
CoreDefault L3 Hash
DistributionL3/L4 Hash
L
RL
Left Side Shown
AccessDefault L3 Hash
AccessDefault L3 Hash
L
All PathsUsed
Note: Catalyst 6500 SUP720 does not require CEF tuning
-
262626© 2005 Cisco Systems, Inc. All rights reserved.RST-203111207_05_2005_c2
Routed Access DesignHigh-Speed Campus Convergence
• Convergence is the time needed for traffic to be rerouted to the alternative path after the network event
• Network convergence requires all affected routers to process the event and update the appropriate data structures used for forwarding
• Network convergence is the time required to:
Detect the event
Propagate the event
Process the event
Update the routing table/FIB
SiSiSiSi
SiSiSiSi
-
272727© 2005 Cisco Systems, Inc. All rights reserved.RST-203111207_05_2005_c2
High-Speed Campus Convergence—Event Detection
• When physical interface changes state, the routing process is notified
This should happen in the ms range
• Some events are detected by therouting protocol
L2 switch between L3 devices is a typical example
Neighbor is lost, but interface is UP/UP
Hello mechanism has to detect the neighborloss
• To improve failure detectionUse routed interfaces between L3 switches
Decrease interface carrier-delay to 0s
Decrease IGP hello timersEIGRP: Hellos = 1, Hold-down = 3OSPF: Hellos = 250ms
SiSiSiSi
SiSi
SiSi
SiSi
Hello’s
L2 Switch orVLAN Interface
RoutedInterface
-
282828© 2005 Cisco Systems, Inc. All rights reserved.RST-203111207_05_2005_c2
High-Speed Campus Convergence—Propagate the Event
• When an event occurs that changes the topology, all routers that were previously aware of the path need to be notified about the topology change
• EIGRP uses the query/reply process to find alternate paths
• OSPF propagates LSAs and all affected routers recalculate SPF to find alternate paths
LSA timer tuning can improve OSPF event propagation performance
SiSiSiSi
SiSiSiSi
SummaryRouteFilter
• Summarization and route filtering can be used to limit the number of routers needing to participate in a network topology change event
-
292929© 2005 Cisco Systems, Inc. All rights reserved.RST-203111207_05_2005_c2
High-Speed Campus Convergence—Process the Event
• Once a router has been notified that a topology changing event has occurred, it must recalculate a new path or topology for forwarding traffic
• EIGRP uses the DUAL algorithm to calculate a next hop successor(s) and possibly feasible successor(s)
• OSPF uses the Dijkstra SPF algorithm to calculate a shortest path tree for the new topology
SPF timer tuning can speed up SPF processing time
-
303030© 2005 Cisco Systems, Inc. All rights reserved.RST-203111207_05_2005_c2
High-Speed Campus Convergence—Update the Routing Table and FIB
• After a new path or topology has been calculated by the protocol algorithm, the routing table must be updated
Routing Information Base (RIB) is the routing table
Forwarding Information Base (FIB) is based on the RIB and used by the hardware to forward traffic
• Projects are under way to make the RIB faster, more scalable and to improve the FIB info download to the line-cards
A B
SiSiSiSi
SiSiSiSi
Traffic Dropped Until
LSA Generated/
Processed and
Routing Table/FIB
Updated
• Summarization and route filtering can be used to limit the number of routes needed in the RIB and FIB
-
313131© 2005 Cisco Systems, Inc. All rights reserved.RST-203111207_05_2005_c2
Agenda
• Campus Network Designs
• Routed Access Design
• EIGRP Design Details
• OSPF Design Details
• PIM Design Details
• Summary
-
323232© 2005 Cisco Systems, Inc. All rights reserved.RST-203111207_05_2005_c2
Strengths of EIGRP
• Advanced distance vector
• Maps easily to the traditional multilayer design
• 100% loop free
• Fast convergence
• Easy configuration
• Incremental update
• Supports VLSM and discontiguous network
• Classless routing
• Protocol independentIPv6, IPX and AppleTalk
• Unequal cost paths load balancing
• Flexible topology design options
-
333333© 2005 Cisco Systems, Inc. All rights reserved.RST-203111207_05_2005_c2
EIGRP Design Rules for HA CampusSimilar to WAN Design, But…
• EIGRP design for the campus follows all the same best practices as you use in the WAN with a few differences
No BW limitations
Lower neighbor counts
Direct fiber interconnects
Lower cost redundancy
HW switching
• WAN à stability and speed
• Campus à stability, redundancy, load sharing, and high speed
SiSiSiSi
SiSiSiSi
-
343434© 2005 Cisco Systems, Inc. All rights reserved.RST-203111207_05_2005_c2
EIGRP in the CampusConversion to an EIGRP Routed Edge
• The greatest advantages of extending EIGRP to the access are gained when the network has a structured addressing plan that allows for use of summarization and stub routers
• EIGRP provides the ability to implement multiple tiers of summarization and route filtering
• Relatively painless to migrateto a L3 access with EIGRP if network addressingscheme permits
• Able to maintain a deterministic convergence time in very large L3 topology
10.10.0.0/1710.10.128.0/17
10.10.0.0/16
SiSi SiSi SiSi SiSi
SiSi SiSi
-
353535© 2005 Cisco Systems, Inc. All rights reserved.RST-203111207_05_2005_c2
EIGRP Protocol Fundamentals
Metric:• Metric = [K1 x BW + (K2 x BW)/(256 - Load) +
K3 x Delay] x [K5/(Reliability + K4)] x 256By Default: K1 = 1, K2 = 0, K3 = 1, K4 = K5 = 0
• Delay is sum of all the delays along the pathDelay = Delay/10
• Bandwidth is the lowest bandwidth link along the pathBandwidth = 10000000/Bandwidth
Packets:• Hello: establish neighbor relationships
• Update: send routing updates
• Query: ask neighbors about routing information
• Reply: response to query about routing information
• Ack: acknowledgement of a reliable packet
-
363636© 2005 Cisco Systems, Inc. All rights reserved.RST-203111207_05_2005_c2
EIGRP Protocol Fundamentals (Cont.)
DUAL Algorithm• Diffusing update algorithm
• Finite-state-machineTrack all routes advertised by neighbors
Select loop-free path using a successor and remember any feasible successors
If successor lostUse feasible successor
If no feasible successorQuery neighbors and recompute new successor
• A successor is a neighbor that has met the Feasibility Condition(FC) and has the least cost path towards the destination
• Multiple successors are possible (load balancing)
• A feasible successor is the neighbor with the next best loop free next hop towards destination
-
373737© 2005 Cisco Systems, Inc. All rights reserved.RST-203111207_05_2005_c2
EIGRP Design Rules for HA CampusLimit Query Range to Maximize Performance
• EIGRP convergence islargely dependent on query response times
• Minimize the number of queries to speed up convergence
• Summarize distribution block routes upstream to the core
Upstream queries are returned immediately with infinite cost
• Configure all access switches as EIGRP stub routers
No downstream queries areever sent
SiSiSiSi
SiSiSiSi
-
383838© 2005 Cisco Systems, Inc. All rights reserved.RST-203111207_05_2005_c2
EIGRP NeighborsEvent Detection
• EIGRP neighbor relationships are created when a link comes up and routing adjacency is established
• When physical interface changes state, the routing process is notified
Carrier-delay should be set as a rule becauseit varies based upon the platform
• Some events are detected by therouting protocol
Neighbor is lost, but interface is UP/UP
• To improve failure detectionUse Routed Interfaces and not SVIsDecrease interface carrier-delay to 0Decrease EIGRP hello andhold-down timers
Hello = 1Hold-down = 3
SiSiSiSi
interface GigabitEthernet3/2ip address 10.120.0.50 255.255.255.252ip hello-interval eigrp 100 1ip hold-time eigrp 100 3carrier-delay msec 0
Hello’s
RoutedInterface
SiSi
SiSi
SiSi
L2 Switchor VLAN Interface
-
393939© 2005 Cisco Systems, Inc. All rights reserved.RST-203111207_05_2005_c2
EIGRP Query ProcessQueries Propagate the Event
• EIGRP is an advanced distant vector; it relies on its neighbor to provide routing information
• If a route is lost and no feasible successor is available, EIGRPactively queries its neighbors for the lost route(s)
• The router will have to get replies back from ALL queried neighbors before the router calculatessuccessor information
• If any neighbor failsto reply, the queried routeis stuck in active and therouter resets the neighborthat fails to reply
• The fewer routers and routesqueried, the faster EIGRP converges; solution is to limit query range
SiSiSiSi
Query
SiSiSiSi
SiSiSiSi
Query
Query
Query
Query
Query
Query
Query
Query
Reply
Reply
Reply
Reply
Reply
Reply
Reply
Reply
Reply
Traffic
Drop
ped U
ntil
EIGRP
Conv
erges
Access
Distribution
Core
Distribution
Access
-
404040© 2005 Cisco Systems, Inc. All rights reserved.RST-203111207_05_2005_c2
A CB 130.130.1.0/24
B Summarizes 130.0.0.0/8 to A
130.x.x.x
Reply with Infinity and theQuery Stops Here!
Query for130.130.1.0/24
EIGRP Query Range
• Summarization pointAuto or manual summarization bound queries
Requires a good address allocation scheme
• Stubs also help to reduce the query range
X129.x.x.x
Query for130.130.1.0/24
8
-
414141© 2005 Cisco Systems, Inc. All rights reserved.RST-203111207_05_2005_c2
EIGRP SummarizationSmaller Routing Tables, Smaller Updates, Query Boundary
• Auto summarization:On major network boundaries, networks are summarized to themajor networksAuto summarization is turned on by default
• Manual summarizationConfigurable on per interface basis in any router within networkWhen summarization is configured on an interface, the router immediately creates a route pointing to null zero with administrative distance of five (5)
Loop prevention mechanismWhen the last specific route of the summary goes away, the summaryis deletedThe minimum metric of the specific routes is used as the metric of the summary route
192.168.1.x
192.168.1.0
192.168.2.x
-
424242© 2005 Cisco Systems, Inc. All rights reserved.RST-203111207_05_2005_c2
10.130.0.0/16
Manual EIGRP Summarization
10.130.1.0/24
SiSiSiSi
10.130.2.0/24 10.130.3.0/24 10.130.254.0/24
ip summary-address EIGRP
SiSiSiSi
interface gigabitethernet 3/1ip address 10.120.10.1 255.255.255.252ip summary-address eigrp 1 10.130.0.0 255.255.0.0
-
434343© 2005 Cisco Systems, Inc. All rights reserved.RST-203111207_05_2005_c2
No Queries to Rest of Network
from Core
EIGRP Query Process with Summarization
SiSiSiSi
SiSiSiSi
Query Query
Query ReplyReply
Reply
Reply8Reply8
interface gigabitethernet 3/1ip address 10.120.10.1 255.255.255.252ip summary-address eigrp 1 10.130.0.0 255.255.0.0
SummaryRoute
SummaryRoute
Traffic
Drop
ped U
ntil
EIGRP
Conv
erges
• When we summarize from distribution to core for the subnets in the access we can limit the upstream query/reply process
• In a large network this could be significant because queries will now stop at the core; no additional distribution blocks will be involved in the convergence event
• The access layer is still queried
-
444444© 2005 Cisco Systems, Inc. All rights reserved.RST-203111207_05_2005_c2
EIGRP Stubs
• A stub router signals (through the hello protocol) that it is a stub and should not transit traffic
• Queries that would have been generated towards the stub routers are marked as if a “No path this direction” reply had been received
• D1 will know that stubs cannot be transit paths, so they will not have any path to 10.130.1.0/24
• D1 simply will not query the stubs, reducing the total number of queries in this example to 1
• These stubs will not pass D1’s advertisement of 10.130.1.0/24 to D2
• D2 will only have one path to 10.130.1.0/24
D2D1
Distribution
Access
SiSi SiSi
10.130.1.0/24
Hello, I’m a Stub…
I’m Not Going to Send You Any Queries Since You Said That!
-
454545© 2005 Cisco Systems, Inc. All rights reserved.RST-203111207_05_2005_c2
EIGRP Stubs
• Connected: advertise directly connected networks
• Static: advertise redistributed static routes
• Summary: advertise locally created summaries
• Receive-only: don’t advertise anything
router(config-router)#EIGRP stub ?connected Do advertise connected routesreceive-only Set IP-EIGRP as receive only neighborstatic Do advertise static routessummary Do advertise summary routes
-
464646© 2005 Cisco Systems, Inc. All rights reserved.RST-203111207_05_2005_c2
No Queries to Rest of Network
from Core
EIGRP Query ProcessWith Summarization and Stub Routers
• When we summarize from distribution to core for the subnets in the access we can limit the upstream query/reply process
• In a large network this could be significant because queries will now stop at the core; no additional distribution blocks will be involved in the convergence event
• When the access switches are EIGRP stub’s we can furtherreduce the query diameter
• Non-stub routers do not query stub routers—so no queries will be sent to the access nodes
• No secondary queries—and only three nodes involved in convergence event
SiSiSiSi
SiSiSiSi
Query Reply
Reply8Reply8
Stub Stub
SummaryRoute
SummaryRoute
Traffic
Drop
ped U
ntil
EIGRP
Conv
erges
-
474747© 2005 Cisco Systems, Inc. All rights reserved.RST-203111207_05_2005_c2
SiSiSiSi
SiSiSiSi
EIGRP Route Filtering in the CampusControl Route Advertisements
• Bandwidth is not a constraining factor in the campus but it is still advisable to control number of routing updates advertised
• Remove/filter routes from the core to the access and inject a default route with distribute-lists
• Smaller routing table in access is simpler to troubleshoot
• Deterministic topologyrouter eigrp 100network 10.0.0.0distribute-list Default out
ip access-list standard Defaultpermit 0.0.0.0
-
484848© 2005 Cisco Systems, Inc. All rights reserved.RST-203111207_05_2005_c2
SiSiSiSi
SiSiSiSi
EIGRP Routed Access Campus DesignOverview
• Detect the event:Set hello-interval = 1 second and hold-time = 3 seconds to detect soft neighbor failures
Set carrier-delay = 0
• Propagate the event:Configure all access layer switches as stub routers to limit queries from the distribution layer
Summarize the access routes from the distribution to the core to limit queries across the campus
• Process the event:Summarize and filter routes to minimize calculating new successors for the RIB and FIB
SummaryRoute
Stub
For More Discussion on EIGRPDesign Best Practices—RST-3220-3222
-
494949© 2005 Cisco Systems, Inc. All rights reserved.RST-203111207_05_2005_c2
Agenda
• Campus Network Designs
• Routed Access Design
• EIGRP Design Details
• OSPF Design Details
• PIM Design Details
• Summary
-
505050© 2005 Cisco Systems, Inc. All rights reserved.RST-203111207_05_2005_c2
Open Shortest Path First (OSPF) Overview
• OSPFv2 established in 1991 with RFC 1247
• Goal—a link state protocol more efficient and scaleable than RIP
• Dijkstra Shortest Path First (SPF) algorithm
• Metric—path cost
• Fast convergence
• Support for CIDR, VLSM, authentication, multipathand IP unnumbered
• Low steady state bandwidth requirement
• OSPFv3 for IPv6 support
-
515151© 2005 Cisco Systems, Inc. All rights reserved.RST-203111207_05_2005_c2
OSPF MetricCost = Metric
• Cost applied on all router link paths
• The lower the more desirable
• Route decisions made on total cost of path
• Derived from bandwidth100000000 ÷ bandwidth 56-kbps serial link = 1785
Ethernet = 10 64-kbps serial link = 1562
T1 (1.544-Mbps serial link) = 65 Fast Ethernet = 1
• Configured via:Interface subcommand: bandwidth
Interface subcommand: ip ospf cost
Router subcommand: ospf auto-cost reference bandwidth
-
525252© 2005 Cisco Systems, Inc. All rights reserved.RST-203111207_05_2005_c2
Hierarchical Campus DesignOSPF Area’s with Router Types
Data CenterWAN InternetBGP
SiSi SiSi SiSi SiSi SiSi SiSi
SiSi SiSi
SiSi SiSiSiSi SiSi
SiSi SiSi
Area 0
Area 200
Area 20 Area 30Area 10
BackboneBackbone
ABR’s ABR’s
Internal’sInternal’s
Area 0
ABR’s
Area 100
ASBR’s
ABR’s
ABR’sArea 300
Access
Distribution
Core
Distribution
Access
-
535353© 2005 Cisco Systems, Inc. All rights reserved.RST-203111207_05_2005_c2
OPSF Design Rules for HA CampusWhere Are the Areas?
• Area size/border is bounded by the same concerns in the campus as the WAN
• In campus the lower number of nodes and stability of local links could allow you to build larger areas however…
• Area design also based on address summarization
• Area boundaries should define buffers between fault domains
• Keep area 0 for core infrastructure do not extend to the access routers
Data CenterWAN Internet
SiSi SiSi SiSi SiSi SiSi SiSi
SiSiSiSi
SiSiSiSi
SiSi SiSiSiSiSiSi
Area 100 Area 110 Area 120
Area 0
-
545454© 2005 Cisco Systems, Inc. All rights reserved.RST-203111207_05_2005_c2
OSPF in the CampusConversion to an OSPF Routed Edge
• OSPF designs that utilize an area for each campus distribution building block allow for straight forward migration to Layer 3 access
• Converting L2 switches to L3 within a contiguous area is reasonable to consider as long as new area size is reasonable
• How big can the area be?
• It depends!Switch type(s)
Number of links
Stability of fiber plant
Area 200Branches
Area 0Core
Area 10Dist 1
Area 20Dist 2
SiSi SiSi SiSi SiSi
SiSiSiSi
-
555555© 2005 Cisco Systems, Inc. All rights reserved.RST-203111207_05_2005_c2
OSPF in the CampusConversion to an OSPF Routed Edge
• Other OSPF area designs may not permit an easy migration to a layer 3access design
• Introduction of another network tier via BGP maybe required
• Extension of area’s beyond good design boundaries will result in loss of overall availability
External Network
Area 0Backbone
Area 100Non-Stub
SiSi SiSi SiSi SiSi
SiSiSiSi
RedistributingExternals
-
565656© 2005 Cisco Systems, Inc. All rights reserved.RST-203111207_05_2005_c2
When a Link Changes State
• Every router in area hears a specific link LSA
• Each router computes shortest path routing table
Router 2, Area 1
Old Routing Table New Routing Table
Link State Table
LSA
Dijkstra Algorithm
ACK
Router 1, Area 1
SiSi
-
575757© 2005 Cisco Systems, Inc. All rights reserved.RST-203111207_05_2005_c2
Different Types of LSAs
• Router link (LSA type 1)
• Network link (LSA type 2)
• Network summary (LSA type 3)
• ASBR (LSA type 4)
• External (LSA type 5)
• NSSA external (LSA type 7)
-
585858© 2005 Cisco Systems, Inc. All rights reserved.RST-203111207_05_2005_c2
SiSiSiSi
Backbone Area 0
Area 120
Area Border Router
Regular AreaABRs Forward All LSAs from Backbone
An ABR Forwards the Following into an Area
Summary LSAs (Type 3)ASBR Summary (Type 4)Specific Externals (Type 5)
Access Config:router ospf 100network 10.120.0.0 0.0.255.255 area 120
Distribution Configrouter ospf 100summary-address 10.120.0.0 255.255.0.0network 10.120.0.0 0.0.255.255 area 120network 10.122.0.0 0.0.255.255 area 0
External Routes/LSA Present in Area 120
SiSiSiSi
-
595959© 2005 Cisco Systems, Inc. All rights reserved.RST-203111207_05_2005_c2
SiSiSiSi
Backbone Area 0
Area 120
Area Border Router
Stub AreaConsolidates Specific External Links—Default 0.0.0.0
Stub Area ABR ForwardsSummary LSAsSummary Default to ABR
Access Config:router ospf 100area 120 stubnetwork 10.120.0.0 0.0.255.255 area 120
Distribution Configrouter ospf 100area 120 stub summary-address 10.120.0.0 255.255.0.0network 10.120.0.0 0.0.255.255 area 120network 10.122.0.0 0.0.255.255 area 0
Eliminates External Routes/LSA Present in Area (Type 5)
SiSiSiSi
-
606060© 2005 Cisco Systems, Inc. All rights reserved.RST-203111207_05_2005_c2
SiSiSiSi
SiSiSiSi
Backbone Area 0
Area 120
Area Border Router
A Totally Stubby AreaABR Forwards
Summary Default to ABR
Totally Stubby AreaUse This for Stable—Scalable Internetworks
Access Config:router ospf 100area 120 stub no-summarynetwork 10.120.0.0 0.0.255.255 area 120
Distribution Configrouter ospf 100area 120 stub no-summarysummary-address 10.120.0.0 255.255.0.0network 10.120.0.0 0.0.255.255 area 120network 10.122.0.0 0.0.255.255 area 0
Minimize the Number of LSA’s and the Need for Any External Area SPF Calculations
-
616161© 2005 Cisco Systems, Inc. All rights reserved.RST-203111207_05_2005_c2
SiSiSiSi
SiSiSiSi
Backbone Area 0
Not So Stubby Area (NSSA)
NSSA ABR Forwards Summary LSAsSummary 0.0.0.0 to ABR
NSSA 120
ABR—Type 7 à Type 5
ASBR Injects LSA Type 7
RIP
Totally Stubby NSSA ABR Forwards
Summary 0.0.0.0 to ABR
Minimize the Number of LSA’s and the Need for Any External Area While Supporting External Connectivity
Access Config:router ospf 100area 120 nssa no-summarynetwork 10.120.0.0 0.0.255.255 area 120
Distribution Configrouter ospf 100area 120 nssa no-summarysummary-address 10.120.0.0 255.255.0.0network 10.120.0.0 0.0.255.255 area 120network 10.122.0.0 0.0.255.255 area 0
-
626262© 2005 Cisco Systems, Inc. All rights reserved.RST-203111207_05_2005_c2
SiSiSiSi
SiSiSiSi
Backbone Area 0
Area 120
Area Border Router
ABR’s ForwardSummary 10.120.0.0/16
Summarization Distribution to CoreReduce SPF and LSA Load in Area 0
Access Config:router ospf 100area 120 stub no-summarynetwork 10.120.0.0 0.0.255.255 area 120
Distribution Configrouter ospf 100area 120 stub no-summarysummary-address 10.120.0.0 255.255.0.0network 10.120.0.0 0.0.255.255 area 120network 10.122.0.0 0.0.255.255 area 0
Minimize the Number of LSA’s and the Need for Any SPF Recalculations at the Core
-
636363© 2005 Cisco Systems, Inc. All rights reserved.RST-203111207_05_2005_c2
OSPF Default Route to Totally Stubby Area
• Totally stubby area’s are used to isolate the access layer switches from route calculations due to events in other areas
• This means that the ABR (the distribution switch) will send a default route to the access layer switch when the neighbor relationship is established
• The default route is sent regardless of the distribution switches ability to forward traffic on to the core (area 0)
• Traffic could be black holed until connectivity to the core is established
A B
Traffic
Drop
ped U
ntil
Conn
ectivit
y to Co
re
Estab
lished
Defau
lt
Route
SiSi
SiSi
SiSi
SiSi
Note: Solution to this anomaly is being investigated.
-
646464© 2005 Cisco Systems, Inc. All rights reserved.RST-203111207_05_2005_c2
SiSi
SiSi
OSPF Timer TuningHigh-Speed Campus Convergence
• OSPF by design has a number of throttling mechanisms to prevent the network from thrashing during periods of instability
• Campus environments are candidates to utilize OSPF timer enhancements
Sub-second hellos
Generic IP (interface) dampening mechanism
Back-off algorithm for LSA generation
Exponential SPF backoff
Configurable packet pacing
Incremental SPF
Reduce SPF Interval
SiSi
SiSi
Reduce Hello Interval
-
656565© 2005 Cisco Systems, Inc. All rights reserved.RST-203111207_05_2005_c2
Subsecond Hello’sNeighbor Loss Detection—Physical Link Up
• OSPF hello/dead timers detect neighbor loss in the absence of physical link loss
• Useful in environments where an L2 device separates L3 devices (Layer 2 core designs)
• Aggressive timers are needed to quickly detect neighbor failure
• Interface dampening is required if sub-second hello timers are implemented
Traffic
Drop
ped U
ntil
Neigh
bor L
oss
Detec
tion O
ccurs
OSPF Processing
Failure(Link Up)
A B
SiSi
SiSi
SiSi
SiSi
Access Config:interface GigabitEthernet1/1dampeningip ospf dead-interval minimal hello-multiplier 4
router ospf 100area 120 stub no-summarytimers throttle spf 10 100 5000timers throttle lsa all 10 100 5000timers lsa arrival 80
-
666666© 2005 Cisco Systems, Inc. All rights reserved.RST-203111207_05_2005_c2
OSPF LSA Throttling
• By default, there is a 500ms delay before generating router and network LSA’s; the wait is used to collect changes during a convergence event and minimize the number of LSA’s sent
• Propagation of a new instance of the LSA is limited at the originator
timers throttle lsa all
• Acceptance of a new LSAs is limited by the receiver
timers lsa arrival
Traffic Dropped Until
LSA Generated and
Processed
Access Config:interface GigabitEthernet1/1ip ospf dead-interval minimal hello-multiplier 4
router ospf 100area 120 stub no-summarytimers throttle spf 10 100 5000timers throttle lsa all 10 100 5000timers lsa arrival 80
A B
SiSi
SiSi
SiSi
SiSi
-
676767© 2005 Cisco Systems, Inc. All rights reserved.RST-203111207_05_2005_c2
OSPF SPF Throttling
• OSPF has an SPF throttling timer designed to dampen route recalculation (preserving CPU resources) when a link bounces
• 12.2S OSPF enhancements let us tune this timer to milliseconds; prior to 12.2S one second was the minimum
• After a failure, the router waits forthe SPF timer to expire before recalculating a new route; SPF timer was one second
Traffic
Dropp
ed Un
til
SPF T
imer
Expir
es
Access Config:interface GigabitEthernet1/1ip ospf dead-interval minimal hello-multiplier 4
router ospf 100area 120 stub no-summarytimers throttle spf 10 100 5000timers throttle lsa all 10 100 5000timers lsa arrival 80
A B
SiSi
SiSi
SiSi
SiSi
-
686868© 2005 Cisco Systems, Inc. All rights reserved.RST-203111207_05_2005_c2
SiSiSiSi
SiSiSiSi
OSPF Routed Access Campus DesignOverview—Fast Convergence
• Detect the event:Decrease the hello-interval and dead-interval to detect soft neighbor failures
Enable interface dampening
Set carrier-delay = 0
• Propagate the event:Summarize routes between areasto limit LSA propagation acrossthe campus
Tune LSA timers to minimize LSA propagation delay
• Process the event:Tune SPF throttles to decrease calculation delays
StubArea120
BackboneArea
0
-
696969© 2005 Cisco Systems, Inc. All rights reserved.RST-203111207_05_2005_c2
SiSiSiSi
SiSiSiSi
OSPF Routed Access Campus DesignOverview—Area Design
• Use totally stubby areas to minimize routes in Access switches
• Summarize area routes to backbone Area 0
• These recommendations will reduce number of LSAs and SPF recalculations throughout the network and provide a more robust and scalable network infrastructure
Area Routes Summarized
router ospf 100area 120 stub no-summarysummary-address 10.120.0.0 255.255.0.0network 10.120.0.0 0.0.255.255 area 120network 10.122.0.0 0.0.255.255 area 0
router ospf 100area 120 stub no-summarynetwork 10.120.0.0 0.0.255.255 area 120
Configured asTotally Stubby
Area
-
707070© 2005 Cisco Systems, Inc. All rights reserved.RST-203111207_05_2005_c2
SiSiSiSi
SiSiSiSi
OSPF Routed Access Campus DesignOverview—Timer Tuning
• In a hierarchical design, the key tuning parameters are spf throttle and lsa throttle
• Need to understand other LSA tuning in the non-optimal design
• Hello and dead timers are secondary failure detection mechanism
Reduce Hello Interval
Reduce SPF andLSA Interval
router ospf 100area 120 stub no-summaryarea 120 range 10.120.0.0 255.255.0.0timers throttle spf 10 100 5000timers throttle lsa all 10 100 5000timers lsa arrival 80network 10.120.0.0 0.0.255.255 area 120network 10.122.0.0 0.0.255.255 area 0
interface GigabitEthernet5/2ip address 10.120.100.1 255.255.255.254dampeningip ospf dead-interval minimal hello-multiplier 4
-
717171© 2005 Cisco Systems, Inc. All rights reserved.RST-203111207_05_2005_c2
Agenda
• Campus Network Designs
• Routed Access Design
• EIGRP Design Details
• OSPF Design Details
• PIM Design Details
• Summary
-
727272© 2005 Cisco Systems, Inc. All rights reserved.RST-203111207_05_2005_c2
Unicast vs. Multicast
• Expected behavior for Unicast-based applications
• Take advantage of multicast-based applications that provide same service
IP WAN
Headquarters
Branch A
Branch B
UnicastMoH
Multiply Times Number ofUnicast Endpoints
UnicastSoftware
Distribution
-
737373© 2005 Cisco Systems, Inc. All rights reserved.RST-203111207_05_2005_c2
Headquarters
Branch A
Branch B
MulticastMoH
Unicast vs. Multicast
One-to-Few Streams Sent toGroup(s) of Receivers
Video/Streaming Media
Multicast Enabled InfrastructureAllows for New Technologies
Less BW Consumed to Provide Same ServiceLess CPU Utilization on Source DevicesLess Overall Impact on Network Devices Replicating and Forwarding Traffic
MulticastSoftware
Distribution
IP WAN
-
747474© 2005 Cisco Systems, Inc. All rights reserved.RST-203111207_05_2005_c2
IP Multicast Protocols
• Dense-mode protocolsUses “push” modelFlood and prune behavior
• Sparse-mode protocolsUses “pull” model: traffic sent only to where it is requestedExplicit join behavior
• Enterprise IPmc protocolsPIM, MOSPF, DVMRP,
• PIM—Protocol independent multicastUses underlying Unicast routing protocol to prevent loopsTwo modes: PIM dense mode and PIM sparse mode
-
757575© 2005 Cisco Systems, Inc. All rights reserved.RST-203111207_05_2005_c2
Which PIM Mode—Sparse or Dense
“Sparse mode Good! Dense mode Bad!”
Source: “The Caveman’s Guide to IP Multicast”, ©2000, R. Davis
-
767676© 2005 Cisco Systems, Inc. All rights reserved.RST-203111207_05_2005_c2
PIM Sparse Mode (RFC 2362)
• Assumes no hosts wants multicast traffic unless they specifically ask for it
• Uses a Rendezvous Point (RP)Senders and receivers “rendezvous” at this point to learn of each others existence
Senders are “registered” with RP by their first-hop router
Receivers are “joined” to the shared tree (rooted at the RP) by their local Designated Router (DR)
• Appropriate for…
Wide scale deployment for both densely and sparsely populated groups in the enterprise
Optimal choice for all production networks regardless of size and membership density
-
777777© 2005 Cisco Systems, Inc. All rights reserved.RST-203111207_05_2005_c2
Anycast RP—Overview
• PIM RP deployment optionsStatic, Auto-RP, BSR, and Anycast RP
• Anycast RP provides fast failover and load-balancingMultiple RPs use a single IP address
Two or more routers have same RP address (anycast)
RP address defined as a Loopback Interface
Senders and receivers register/join with closest RP
Closest RP determined from the Unicast routing table
MSDP session(s) run between all RPs
Informs RPs of sources in other parts of network
Facilitates sharing of source information
-
787878© 2005 Cisco Systems, Inc. All rights reserved.RST-203111207_05_2005_c2
Anycast RP—Overview
MSDPMSDP
RecRec RecRec
Src Src
SA SAA
RP1
10.1.1.1B
RP2
10.1.1.1
X
-
797979© 2005 Cisco Systems, Inc. All rights reserved.RST-203111207_05_2005_c2
Anycast RP—Overview
RecRec RecRec
SrcSrc
A
RP1
10.1.1.1B
RP2
10.1.1.1
X
-
808080© 2005 Cisco Systems, Inc. All rights reserved.RST-203111207_05_2005_c2
Anycast RP Configuration
ip pim rp-address 10.0.0.1 ip pim rp-address 10.0.0.1
Interface loopback 0ip address 10.0.0.1 255.255.255.255
Interface loopback 1ip address 10.0.0.2 255.255.255.255
!ip msdp peer 10.0.0.3 connect-source loopback 1ip msdp originator-id loopback 1
Interface loopback 0ip address 10.0.0.1 255.255.255.255
Interface loopback 1ip address 10.0.0.3 255.255.255.255
!ip msdp peer 10.0.0.2 connect-source loopback 1ip msdp originator-id loopback 1
MSDPMSDPB
RP2
A
RP1
C D
-
818181© 2005 Cisco Systems, Inc. All rights reserved.RST-203111207_05_2005_c2
PIM Design Rules for Routed Campus
• Use PIM sparse mode• Enable PIM sparse mode on
ALL access, distribution and core layer switches
• Enable PIM on ALL interfaces• Use Anycast RPs in the core for
RP redundancy and fast convergence
• IGMP-snooping is enabled when PIM is enabled on a VLAN interface (SVI)
• (Optional) force the multicast traffic to remain on the shared-tree to reduce (S, G) state
• (Optional) use garbage canRP to black-hole unassigned IPmc traffic
IPmc Sources
WAN Internet
SiSi SiSi SiSi SiSi SiSi SiSi
SiSiSiSi
SiSiSiSi SiSi SiSiSiSiSiSi
IP/TV ServerCall Managerw/MoH
RP-Left10.122.100.1
RP-Right10.122.100.1
-
828282© 2005 Cisco Systems, Inc. All rights reserved.RST-203111207_05_2005_c2
Multicast Routed Access Campus DesignThings You Don’t Have to Do…
• Tune PIM query interval for designated router convergence
• Configure designated router to matchHSRP primary
• Configure PIM snooping on L2 switchesbetween L3 switches
• Worry about all those L2/L3 flowinconsistency issues
-
838383© 2005 Cisco Systems, Inc. All rights reserved.RST-203111207_05_2005_c2
Agenda
• Campus Network Designs
• Routed Access Design
• EIGRP Design Details
• OSPF Design Details
• PIM Design Details
• Summary
-
848484© 2005 Cisco Systems, Inc. All rights reserved.RST-203111207_05_2005_c2
Routing to the Edge Advantages? Yes, with a Good Design
• Sub-200 msec convergence for EIGRP and OSPF• Ease of implementation; fewer things to get right• Troubleshooting; well known protocols and tools• Simplified IP Multicast deployment• Considerations; spanning VLANs, IP addressing, IGP selection
A B
SiSiSiSi
SiSiSiSi
00.2
0.40.60.8
11.21.41.61.8
2
RPVST+ OSPF EIGRP
UpstreamDownstream
Sec
onds
-
858585© 2005 Cisco Systems, Inc. All rights reserved.RST-203111207_05_2005_c2
Routed Access DesignSummary
• EIGRP or OSPF routed links between access and distribution• Routed interfaces, not VLAN trunks, between switches• Equal cost multi path to load balance traffic across network• Route summarization at distribution with stub routers/areas
• Single (IGP) control plan to configure/manage/troubleshoot
10.1.20.010.1.120.0
VLAN 20 DataVLAN 120 Voice
EIGRP or OSPFEqual Cost Multi Path
Layer 2
Layer 3
SiSiSiSi
SiSiSiSi
VLAN 40 DataVLAN 140 Voice
10.1.40.010.1.140.0
Access
Distribution
-
868686© 2005 Cisco Systems, Inc. All rights reserved.RST-203111207_05_2005_c2
Recommended Reading
• Continue your Networkerslearning experience with further reading for this session from Cisco Press
• Check the Recommended Reading flyer for suggested books
Available Onsite at the Cisco Company Store
-
878787© 2005 Cisco Systems, Inc. All rights reserved.RST-203111207_05_2005_c2
-
888888© 2005 Cisco Systems, Inc. All rights reserved.RST-203111207_05_2005_c2
EIGRPCore Layer Configuration
!
router eigrp 100
network 10.0.0.0
no auto-summary
interface TenGigabitEthernet3/1
description 10GigE to Distribution 1
ip address 10.122.0.29 255.255.255.252
ip pim sparse-mode
ip hello-interval eigrp 100 1
ip hold-time eigrp 100
ip authentication mode eigrp 100 md5
ip authentication key-chain eigrp 100 eigrp
carrier-delay msec 0
mls qos trust dscp
!
interface TenGigabitEthernet3/2
description 10GigE to Distribution 2
ip address 10.122.0.37 255.255.255.252
ip pim sparse-mode
ip authentication mode eigrp 100 md5
ip authentication key-chain eigrp 100 eigrp
carrier-delay msec 0
mls qos trust dscp
6k-core configuration
-
898989© 2005 Cisco Systems, Inc. All rights reserved.RST-203111207_05_2005_c2
EIGRPDistribution Layer Configuration
interface TenGigabitEthernet4/2description 10 GigE to Core neighborip address 10.122.0.38 255.255.255.252ip pim sparse-modeip authentication mode eigrp 100 md5ip authentication key-chain eigrp 100 eigrpip summary-address eigrp 100 10.120.0.0
255.255.0.0 5mls qos trust dscp
!
router eigrp 100network 10.0.0.0distribute-list Default out GigabitEthernet3/1distribute-list Default out GigabitEthernet3/2 …distribute-list Default out
GigabitEthernet9/15no auto-summary
!
ip access-list standard Defaultpermit 0.0.0.0permit 10.0.0.0
interface GigabitEthernet3/2description typical link to Access neighborip address 10.120.0.50 255.255.255.252ip pim sparse-modeip hello-interval eigrp 100 1ip hold-time eigrp 100 3ip authentication mode eigrp 100 md5ip authentication key-chain eigrp 100 eigrpcarrier-delay msec 0mls qos trust dscp
!
interface TenGigabitEthernet4/3description 10GigE to Distribution neighborip address 10.120.0.22 255.255.255.252ip pim sparse-modeip hello-interval eigrp 100 1ip hold-time eigrp 100 3ip authentication mode eigrp 100 md5ip authentication key-chain eigrp 100 eigrpmls qos trust dscp
6k-distribution configuration
-
909090© 2005 Cisco Systems, Inc. All rights reserved.RST-203111207_05_2005_c2
EIGRPAccess Layer Configuration
interface Vlan4ip address 10.120.4.1 255.255.255.0ip helper-address 10.121.0.5no ip redirectsip pim sparse-modeip igmp snooping fast-leave
!interface Vlan104ip address 10.120.104.1 255.255.255.0ip helper-address 10.121.0.5no ip redirectsip pim sparse-modeip igmp snooping fast-leave
!router eigrp 100passive-interface defaultno passive-interface GigabitEthernet1/1no passive-interface GigabitEthernet2/1network 10.0.0.0no auto-summaryeigrp stub connected
interface GigabitEthernet2/1description cr3-6500-2 Distributionno switchportip address 10.120.0.53 255.255.255.252ip hello-interval eigrp 100 1ip hold-time eigrp 100 3ip authentication mode eigrp 100 md5ip authentication key-chain eigrp 100 eigrpip pim sparse-modecarrier-delay msec 0qos trust dscptx-queue 3
priority high
!
interface FastEthernet3/5description Host port w/ IP Phoneswitchport access vlan 4switchport mode accessswitchport voice vlan 104qos trust costx-queue 3
priority highspanning-tree portfastspanning-tree bpduguard enable
Catalyst 4507 configuration
-
919191© 2005 Cisco Systems, Inc. All rights reserved.RST-203111207_05_2005_c2
OSPFCore Layer Configuration
router ospf 100router-id 10.122.10.2log-adjacency-changestimers throttle spf 10 100 5000timers throttle lsa all 10 100 5000timers lsa arrival 80passive-interface Loopback0passive-interface Loopback1passive-interface Loopback2network 10.122.0.0 0.0.255.255 area 0.0.0.0
!
interface Port-channel1description Channel to Peer Core nodedampeningip address 10.122.0.19 255.255.255.254ip pim sparse-modeip ospf dead-interval minimal hello-multip 4load-interval 30carrier-delay msec 0mls qos trust dscp
!
interface TenGigabitEthernet3/1description 10GigE to Distribution 1dampeningip address 10.122.0.20 255.255.255.254ip pim sparse-mode ip ospf dead-interval minimal hello-multip 4load-interval 30carrier-delay msec 0mls qos trust dscp
!
6k-core configuration
-
929292© 2005 Cisco Systems, Inc. All rights reserved.RST-203111207_05_2005_c2
OSPFDistribution Layer Configuration
router ospf 100router-id 10.122.102.1log-adjacency-changesarea 120 stub no-summaryarea 120 range 10.120.0.0 255.255.0.0timers throttle spf 10 100 5000 timers throttle lsa all 10 100 5000timers lsa arrival 80network 10.120.0.0 0.0.255.255 area 120network 10.122.0.0 0.0.255.255 area 0
interface GigabitEthernet3/2description 3750 Access Switchdampeningip address 10.120.0.8 255.255.255.254ip pim sparse-modeip ospf dead-interval minimal hello-multip 4load-interval 30carrier-delay msec 0mls qos trust dscp
!
interface TenGigabitEthernet4/1description 10 GigE to Core 1dampeningip address 10.122.0.26 255.255.255.254ip pim sparse-modeip ospf dead-interval minimal hello-multip 4load-interval 30carrier-delay msec 0mls qos trust dscp
6k-dist-left configuration
-
939393© 2005 Cisco Systems, Inc. All rights reserved.RST-203111207_05_2005_c2
OSPFAccess Layer Configuration
interface Vlan2description Data VLAN for 3750 Dataip address 10.120.2.1 255.255.255.0ip helper-address 10.121.0.5no ip redirectsip pim sparse-modeip igmp snooping fast-leave
!
interface Vlan102description Voice VLAN for 3750-accessip address 10.120.102.1 255.255.255.0ip helper-address 10.121.0.5no ip redirectsip pim sparse-modeip igmp snooping fast-leave
!
router ospf 100router-id 10.120.250.2log-adjacency-changesarea 120 stub no-summarytimers throttle spf 10 100 5000timers throttle lsa all 10 100 5000timers lsa arrival 80passive-interface defaultno passive-interface GigabitEthernet1/0/1no passive-interface GigabitEthernet3/0/1network 10.120.0.0 0.0.255.255 area 120
interface GigabitEthernet1/0/1description Uplink to Distribution 1no switchportdampeningip address 10.120.0.9 255.255.255.254ip pim sparse-modeip ospf dead-interval minimal hello-multip 4load-interval 30carrier-delay msec 0srr-queue bandwidth share 10 10 60 20srr-queue bandwidth shape 10 0 0 0 mls qos trust dscpauto qos voip trust
interface FastEthernet2/0/1description Host port with IP Phoneswitchport access vlan 2switchport voice vlan 102srr-queue bandwidth share 10 10 60 20srr-queue bandwidth shape 10 0 0 0 mls qos trust device cisco-phonemls qos trust cosauto qos voip cisco-phone spanning-tree portfastspanning-tree bpduguard enable
3750-Access configuration
-
949494© 2005 Cisco Systems, Inc. All rights reserved.RST-203111207_05_2005_c2
PIMDistribution and Access Layer
ip multicast-routingip igmp snooping vlan 4 immediate-leave ip igmp snooping vlan 104 immediate-leave no ip igmp snooping ! interface VlanX
ip address 10.120.X.1 255.255.255.0 ip helper-address 10.121.0.5 no ip redirects ip pim sparse-mode
!ip pim rp-address 10.122.100.1 GOOD-IPMC
overrideip pim spt-threshold infinity!ip access-list standard Default
permit 10.0.0.0ip access-list standard GOOD-IPMC
permit 224.0.1.39permit 224.0.1.40permit 239.192.240.0 0.0.3.255permit 239.192.248.0 0.0.3.255
ip multicast-routing!interface Loopback2
description Garbage-CAN RPip address 2.2.2.2 255.255.255.255
!interface Y
description GigE to Access/Core ip address 10.122.0.Y 255.255.255.252 ip pim sparse-mode
!!ip pim rp-address 10.122.100.1 GOOD-IPMC
overrideip pim rp-address 2.2.2.2ip pim spt-threshold infinity!ip access-list standard Default
permit 10.0.0.0ip access-list standard GOOD-IPMC
permit 224.0.1.39permit 224.0.1.40permit 239.192.240.0 0.0.3.255permit 239.192.248.0 0.0.3.255
4507k-access configuration6k-dist-left configuration
-
959595© 2005 Cisco Systems, Inc. All rights reserved.RST-203111207_05_2005_c2
PIMCore Layer RP Configuration—1
ip multicast-routing!interface Loopback0description MSDP PEER INT ip address 10.122.10.2 255.255.255.255
! interface Loopback1 description ANYCAST RP ADDRESS ip address 10.122.100.1 255.255.255.255
! interface Loopback2 description Garbage-CAN RP ip address 2.2.2.2 255.255.255.255
! interface TenGigabitEthernet M/Zip address 10.122.0.X 255.255.255.252ip pim sparse-mode
!ip pim rp-address 2.2.2.2 ip pim rp-address 10.122.100.1 GOOD-IPMC
override ip pim accept-register list PERMIT-SOURCES ip msdp peer 10.122.10.1 connect-source
Loopback0 ip msdp description 10.122.10.1
ANYCAST-PEER-6k-core-leftip msdp originator-id Loopback0
ip multicast-routing!interface Loopback0description MSDP PEER INT ip address 10.122.10.1 255.255.255.255
! interface Loopback1 description ANYCAST RP ADDRESS ip address 10.122.100.1 255.255.255.255
! interface Loopback2 description Garbage-CAN RP ip address 2.2.2.2 255.255.255.255
! interface TenGigabitEthernet M/Y ip address 10.122.0.X 255.255.255.252ip pim sparse-mode
!ip pim rp-address 2.2.2.2 ip pim rp-address 10.122.100.1 GOOD-IPMC
override ip pim accept-register list PERMIT-SOURCES ip msdp peer 10.122.10.2 connect-source
Loopback0 ip msdp description 10.122.10.2
ANYCAST-PEER-6k-core-right ip msdp originator-id Loopback0
6k-core Right Anycast-RP configuration6k-core Left Anycast-RP configuration
-
969696© 2005 Cisco Systems, Inc. All rights reserved.RST-203111207_05_2005_c2
PIMCore Layer RP Configuration—2
! Continued from previous slide! ip access-list standard GOOD-IPMCpermit 224.0.1.39permit 224.0.1.40permit 239.192.240.0 0.0.3.255permit 239.192.248.0 0.0.3.255
!ip access-list extended PERMIT-SOURCESpermit ip 10.121.0.0 0.0.255.255
239.192.240.0 0.0.3.255 permit ip 10.121.0.0 0.0.255.255
239.192.248.0 0.0.3.255
! Continued from previous slide! ip access-list standard GOOD-IPMCpermit 224.0.1.39permit 224.0.1.40permit 239.192.240.0 0.0.3.255permit 239.192.248.0 0.0.3.255
!ip access-list extended PERMIT-SOURCESpermit ip 10.121.0.0 0.0.255.255
239.192.240.0 0.0.3.255 permit ip 10.121.0.0 0.0.255.255
239.192.248.0 0.0.3.255
6k-core Right Anycast-RP configuration6k-core Left Anycast-RP configuration